Feed
 

Intel CPU Kernel Protection Issue

Avatar Euan Williams
Interested members can access Intel's Statement here.

Appleinsider comments :
"Despite Intel explicitly denying that it is a bug in its statement, Apple, Microsoft, and others are already dealing with the problem. Apple has already at least in part rectified the issue in macOS High Sierra 10.13.2 from December, with Microsoft apparently having a patch in the works for Windows 10." [More patches expected with 10.13.3].

More detail information from Appleinsider here too.

Slowdowns due to patches seem currently not to Affect High Sierra - so far. Nice to see Apple ahead of the game :)

Re: Intel CPU Kernel Protection Issue

Avatar Euan Williams
The Register has published this useful summary (4th Jan 2018 @ 07.29)

Re: Intel CPU Kernel Protection Issue

Avatar Derek Wright
See this
Macrumours story

Re: Intel CPU Kernel Protection Issue

Avatar Euan Williams
The Comments in your Macrumours story are encouraging :)

Re: Intel CPU Kernel Protection Issue

Avatar Euan Williams
See Apple's statement (support pages)

Re: Intel CPU Kernel Protection Issue

Avatar Mick Burrell
Good old BBC - have you seen their report? Interesting to note that the headline is "All Macs, iPhones and iPads" and it's only near the bottom of the article that Microsoft and Android being affected too is mentioned. As they state that Android has 80% of the global market, shouldn't the fact that Android was affected have been the headline? ;-) Also, they don't make much of the fact that Apple, Microsoft and Google were able to release fixes before it became public knowledge.

Re: Intel CPU Kernel Protection Issue

Avatar Euan Williams
Quite so. The R4 'World at One' news today (Friday) was careful to avoid mention of our Windows cousins. Has anyone seen an ITN news broadcast? They use Macs more or less exclusively; Oh, and do we have any members in Tunbridge Wells?

Re: Intel CPU Kernel Protection Issue

Avatar Tony Still
There are updates out today (Monday 8th) to Safari in High Sierra, Sierra, El Capitan and iOS 11 to "help defend" against Spectre. This is very welcome since, in theory, that vulnerability can be exploited remotely through Javascript from a web page.

I've seen no reports of Spectre in the wild so this looks like a timely response from Apple. The support page linked by Euan has been updated and offers a little more reassurance. Well done Apple.

Re: Intel CPU Kernel Protection Issue

Avatar Tony Still
Apple issued security updates for Sierra and El Capitan on Jan 23rd that address Meltdown.

This is part of the usual raft of security fixes, the latter also being released for High Sierra. Recommended and should be considered urgent.

Re: Intel CPU Kernel Protection Issue

Avatar Mick Burrell
I assume the High Sierra part was issued with 10.13.3 which I picked up yesterday.

Re: Intel CPU Kernel Protection Issue

Avatar Tony Still
Mick - correct.

Re: Intel CPU Kernel Protection Issue

Avatar Euan Williams
This from ZDnet also casts some light on my "sudden shutdowns" with HiSi and APFS issues, now creeping towards resolution. See especially para 3 below:

>>Intel has released new microcode to address the stability and reboot issues on systems after installing its initial mitigations for Variant 2 of the Meltdown and Spectre attacks.

The stability issues caused by Intel's microcode updates resulted in Lenovo, HP, and Dell halting their deployment of BIOS updates last month as Intel worked to resolve the problems.

Intel initially said unexpected reboots were only seen on Broadwell and Haswell chips, but later admitted newer Skylake architecture chips were also affected. Microsoft also said it had also seen Intel's updates cause data loss or corruption in some cases.

While updates for Variant 1 Spectre and Variant 3 Meltdown attacks were largely unproblematic, Intel's IBRS fixes for the Variant 2 'branch target injection vulnerability' significantly impacted performance and caused stability problems.

When Intel told customers on January 22 to stop deploying its fix, it said it had developed early fixes for Haswell and Broadwell systems and would eventually release fixes for newer CPUs. <<
 
Feed